Method and arrangement for variably generating cryptographic securities in a host device

ABSTRACT

In a method and arrangement for variable generation of cryptographic securities of communications in a host device, for cryptographic security of a communication for a first purpose a first signature is used and for cryptographic security of a communication for a second purpose a second signature is used, the signatures being differentiated from each other by the type of their generation. A cryptologic module has a number of logic circuits and a changeover switch and is arranged externally of the postal security device and is connected at its output with an information input of the postal security device that has a logic circuit that applies a digital signal algorithm to the output signal supplied by the output in order to generate a signature.

RELATED APPLICATION

The present application is a divisional application of Ser. No.10/690,012, filed Oct. 21, 2003.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention concerns a method and an arrangement for variablegeneration of cryptographic securities, such as for protectingcommunications, in a host device, of a type suitable for mail processingand having a security module such as franking machines, addressingmachines, and similar devices.

2. Description of the Prior Art

A franking imprint contains an indicia representing previously enteredand stored postal information, including the mailing fee data to deliverthe letter. Modern franking machines enable printing of a specialmarking in addition to the aforementioned notice. For example, aCommunication Authentication Code is generated from the aforementionedindicia and then forms a barcode as a marking. When a security imprintis printed with such a marking, it enables a verification of thevalidity of the security of the security imprint, for example in thepost office (U.S. Pat. No. 5,953,426).

The franking machine JetMail® manufactured by Francotyp-Postalia AG &Co. KG, is equipped with a base and with a detachable meter. The lattercontains a security module that, for example, generates a digitalsignature for a security printing by the franking machine (U.S. Pat. No.6,041,704).

Furthermore, it is known to cryptographically secure the data exchangebetween a franking machine and a remote data central when a credit valueis downloaded. A security module for this purpose can include a hardwareaccounting unit and a unit to secure the printing of the postal fee data(European Application 789 333). The hardware accounting unit is realizedwith an ASIC, and the other unit is realized with an OTP (One TimeProgrammable processor). The accounting event thus cannot be manipulatedby means of a program attenuation, and moreover an arbitrarycryptographic algorithm can be stored in the read-only memory for theOTP processor such that it can be called. An internal OTP storage(memory) stores readable but protected data (among other things,cryptographic keys) that, for example, are necessary to download acredit or to generate a cryptographic security of a communication of thefranking machine. A known encoding algorithm, for example DataEncryption Standard (DES), thus can be used for the formation of MAC'sfor communications of different types, whereby for each type apredetermined cryptographic key is agreed on (stipulated). A securityhousing of the security module provides external protection againstdisclosure of the cryptographic keys. (German Utility Model 201 12 350).Franking machines are developed for the most part only for a singlepurpose, namely to print postal indicia. Expensive encryption technologyis thereby used. If further application possibilities for such deviceswere able to be developed wherein the accepted signal algorithms couldbe used without a danger of confusion with the postal indicia, thiswould expand the functionality of the device.

U.S. Pat. No. 6,058,384 generating a signature for a refund indicium,wherein an invalid ZIP code is used, for example 00000-0000. This shouldprevent a tamperer from fraudulently using the signature as an ordinaryprinted postmark to send mail.

Alternatives to assemble data for processing with the cryptographicalgorithms in a specific manner dependent on the communication type, orin which the communication format is selected differently for a downloadindicia than for the communication format of an ordinary indicia, forexample completely without ZIP, etc., are not always implementable dueto the very different regulations of the national postal authorities orprivate postal carriers.

SUMMARY OF THE INVENTION

An object of the present invention is to provide a method and anarrangement for variable generation of cryptographic securities forcommunications in a host device, wherein the varying generation iscontrolled dependent on the communication type that has been set.

The object is achieved in accordance with the invention in a method andarrangement wherein different signatures are used for cryptographicallysecuring a communications that are used for different purposes. Thedifferent cryptographic algorithms to generate signatures differing intype can be implemented separately or together in a logic module byhardware or by a program in the read-only memory of a postal securitydevice (PSD).

Based on the recognition that the storage of different programs in theaforementioned read-only memory (each program serving to implement aspecific cryptographic algorithm) enables an arbitrary combination ofsigning algorithms and hash algorithms for a communication type, a logicmodule is additionally connected to a postal security device. The logicmodule, alone or in conjunction with programs in the read-only memory ofthe postal security device and, if necessary, additionally with programsin the read-only memory of the host device, implements at least onespecific algorithm from the multiple cryptographic algorithms, theimplementation being controlled dependent on the communication type thathas been set. The cryptologic module has at least one output that isdirectly or indirectly circuited to the input of a second logic circuitinside the postal security device. The cryptoalgorithms can beimplemented outside of the PSD in the cryptologic module and/or insidethe PSD. By switching over, the inputs or outputs of logic circuits orparameters of hash functions can be switched by a logic circuit, thelogic circuits using identical and differently assembledcryptoalgorithms. A changeover switch can be implemented in the PSDand/or outside of the PSD, and thereby be triggered by the PSD or host.The generation of a signature should be determined less by the hostapplication and more the PSD application. Even more suitable arevariants in which the changeover switch is realized in the PSD. Shouldthe host application be determinative, variants are preferable in whichthe changeover switch is realized outside of the PSD. A number ofvariants of the structure implemented inside the cryptologic module andinside the PSD, and the interconnection of both under normal operatingconditions are available, such that signatures can be generated that areinvalid for the franking of mail but are suitable or valid for otherpurposes. Further application possibilities in the field of mailprocessing are special indicia such as, for example, postage correctionindicia or military or embassy mail. Moreover, there are non-postalapplications in the field of ticketing and monetary documents for whichaccepted signing algorithms now can be used in accordance with theinvention, without a danger of confusion with postal indicia. Thispermits further application possibilities to be developed, which expandsthe functionality of franking machines.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is simplified depiction of the generation of a signature by meansof a known postal security device (prior art).

FIG. 2 shows a host-controlled switch for the cryptoalgorithms forgeneration of a signature by means of the postal security device,according to a first version of the invention.

FIGS. 3 and 4 illustrate of the structures of cryptoalgorithms suitablefor use in the inventive method and arrangement.

FIG. 5 a shows a second version of a host-controlled switch for thecryptoalgorithms for generation of a signature by a postal securitydevice in accordance with the invention.

FIG. 5 b shows a first version of a PSD-controlled switch for thecryptoalgorithms for generation of a signature by a postal securitydevice in accordance with the invention.

FIG. 6 shows a second version of a PSD-controlled switch for thecryptoalgorithms for a generation of a signal by a postal securitydevice in accordance with the invention.

FIG. 7 shows a third version of a PSD-controlled switch for thecryptoalgorithms for generation of a signature by a postal securitydevice in accordance with the invention.

FIG. 8 shows a third version of a host-controlled switch for thecryptoalgorithms for generation of a signature by a postal securitydevice in accordance with the invention.

FIG. 9 shows a fourth version of a host-controlled switch for thecryptoalgorithms for a generation of a signature by a postal securitydevice in accordance with the invention.

FIG. 10 shows a host and PSD-controlled switch for the cryptoalgorithmsfor a generation of a signature by a postal security device inaccordance with the invention.

FIG. 11 is a block diagram of a host device in accordance with theinvention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

FIG. 1 shows a simplified depiction of the generation of a signature bymeans of a known postal security device (PSD). Via an input e of the PSD10, a communication m is applied to a first logic circuit 11 thatapplies a first cryptoalgorithm to the communication m. The output a ofthe first logic circuit 11 is connected to the input of a second logiccircuit 12 that applies a digital signal algorithm (DSA) to the outputsignal in order to generate data for a signature. The logic circuits canbe a software or hardware module that implements the correspondingalgorithm according to software or hardware. For example, the digitalsignal algorithm (DSA) known from U.S. Pat. No. 5,231,668, or acomparable standard algorithm, is implemented according to software bythe second logic circuit. A corresponding program that can be processedby a microprocessor (not shown) is implemented in the read-only memory(not shown) of the second logic circuit of the security module. Incontrast to such known techniques, the first cryptoalgorithm isinventively implemented according to hardware and externally of the PSD10 by means of the first logic circuit. In a first version, the firstlogic circuit is realized such that it can be connected to the PSD. Inorder to generate signatures for different purposes, an arrangement isachieved that uses two different permissible hash functions in the samesigning algorithms.

FIG. 2 shows a host-controlled switch of the cryptoalgorithms forgeneration of a signature by a postal security device. In this firstversion, the logic circuit 21 for the cryptoalgorithm 1 and the logiccircuit 22 for the cryptoalgorithm 2 are connected at their inputs andrespectively lead at their outputs to contacts I and II of a changeoverswitch 24. The switch 24 is connected at its output to the input of thesecond logic circuit 12 that applies the DSA to the output signal inorder to generate data for a signature. Both logic circuits 21 and 22and the changeover switch 24 form a host-controlled cryptologic module20 which has a control data input c and is connected at its output dwith the information output i of the PSD 10.

The usable algorithms specified in the IBI program of the Americanpostal authority USPS are RSA (Rivest, Shamir, Adleman), DSA (DigitalSignal Algorithm), and ECDSA (Elliptic Curve Digital SignatureAlgorithm), which are respectively limited with the SHA-1 (Secure HashAlgorithm).

If a signing key sk of a postal security device (PSD) is applied to acommunication m for a first purpose, for example to account for anordinary indicium (49 bytes), the calculation of the signature sig forthe communication m ensues as follows:sig=DSAsign(sk, SHA-1(m))   (1)

For a second purpose, the second communication M is specified. Incontrast to the equation (1) used for the first purpose, the signatureSIG for a second purpose, for example for a refund indicium, iscalculated as follows:SIG=DSAsign(sk, SHA-1(SHA-1(M))),   (2)

By the double application of SHA-1 instead of a single application ofSHA-1, it can be prevented that a signature calculated for the secondpurpose is output for the first purpose. A security examination showsthat in this manner, a tamperer achieves as a by-product of an ordinarysignaturem′=SHA-1(M),   (3)which is not helpful for reuse, because the data set of thiscommunication has a length of 160 bits=20 bytes, and to “reuse” asignature, a communication would have to have a data set with a lengthof 49 bytes. In practice, the knowledge of any 49-byte long data set isnot sufficient for a fraudulent manipulation. For deception to work, thedeceiver for the most part would have to already be able to select thedata set.

FIG. 3 shows a combination of identical cryptoalgorithms 221 and 222within the logic circuit 22. The logic circuit 22 is differentiated fromthe logic circuit 21 by the application of another cryptoalgorithm orvia the doubled application of the same cryptoalgorithm.

There are a number of other possible combinations to form acryptoalgorithm. FIG. 3 shows simple structures of suchcryptoalgorithms, wherein the logic circuit 22 is differentiated fromthe logic circuit 21 by the additional application of a furthercryptoalgorithm. It is known to form an HMAC that is based on a knownhash function SHA-1. In addition to the communication m, an H-MACrequires a key k as an input. The logic circuit 22 is differentiatedfrom the logic circuit 21 by the additional application of anothercryptoalgorithm or by the application of different keys in an identicalcryptoalgorithm. Two publicly known parameters can be agreed upon askeys, for example 1010 for ordinary indicia and 0101 for refund indicia.The parameters must be publicly known because the latter is likewiserequired by the receiver of the indicia for verification. In thisvariant, the problem does not ensue that was illustrated for refundindicia in the above-identified case of operation in the above securityexamination, because a refund indicium is formed with the same signingkey, but with a different combination of signing and hash algorithms, asan ordinary indicium. Moreover, a refund can be effected directly withthe producer infrastructure via an online transaction, in a manneranalogous to credit downloading. To authenticate the correspondingcommunication of the PSD, a different signing key is used than forordinary indicia. In this manner, the existing signatures never can bemisused for indicia purposes

A second version of a host-controlled switch for the cryptoalgorithmsfor a generation of a signature by a postal security device is shown inFIG. 5 a. An ordinary postal security device PSD 10 is thereby connectedwith a cryptologic module 20, and thus its functionality is expandedsuch that signatures can be formed that are appropriate for threedifferent purposes. The ordinary PSD 10 again has two logic circuits 11and 12, which can be a software or a hardware module. The cryptologicmodule 20 provides a host-controlled input-side changeover switch 24 forthe communication m. The contacts I, II and III of the changeover switch24 respectively connect to the inputs e1, e2, e3 of the logic circuits11, 22, 23. The logic circuits 22 and 23 are arranged in the cryptologicmodule 20. The cryptologic module 20 has on the output side a connectionto the outputs a2, a3 of the logic circuits 22 and 23 and a connectionof the output d of the information input i of the PSD 10. The output a1of the logic circuit 11 is likewise connected with the information inputi of the PSD 10. The information input i of the PSD 10 is connected onthe input side with the second logic circuit 12, which applies a furtheralgorithm, for example a DSA, to the output signal in order to generatedata for a signature.

FIG. 5 b shows a PSD-controlled switch for the cryptoalgorithms forgeneration of a signature by a postal security device according in afirst version. The PSD has an internal logic circuit 11 for a firstcryptoalgorithm and a second logic circuit 12 in order to generate datafor a signature. The cryptologic module 20 includes logic circuits for asecond cryptoalgorithm 22 and a third cryptoalgorithm 23, and requiresno input-side changeover switch. Therefore, a PSD-controlled input-sidechangeover switch 14 is provided in the PSD 10 for the communication m.The contacts I, II and III of the changeover switch 14 and respectivelyconnected to the inputs e1, e2, e3 of the logic circuits 11, 22, 23. Thelogic circuits 22 and 23 are arranged in the cryptologic module 20 andrespective inputs e2 and e3 are provided. The cryptologic module 20 hason the output side a connection d to the outputs a2, a3 of the logiccircuits 22 and 23 with the information input i of the PSD 10.

FIG. 6 shows a second variation of a PSD-controlled switch of thecryptoalgorithms for a generation of a signature by a postal securitydevice. No input-side changeover switch is provided for thecommunication m, but rather the latter connects to the input e₁ of afirst logic circuit 21 for a first cryptoalgorithm. Its output a₁ isconnected to the first contact I of a changeover switch 14 within thePSD 10. The output a₁ is connected to the input e₂ of a first logiccircuit 11 inside the PSD 10. Its output a₂ is connected to the secondcontact II of the changeover switch 14 within the PSD 10. Each of thefirst logic circuits 21 and 11 can employ the same cryptoalgorithm andare successively traversed by the communication when the contact II ofthe changeover switch 14 is selected by the PSD 10 via a control datainput c. The output a₁ of the first logic circuit 21 is connected to theinput e₃ of a third logic circuit 23 of the cryptologic module 20, whichis external of the PSD 20. Its output a₃ is connected to the thirdcontact III of the changeover switch 14 within the PSD 10. In thissecond version of a PSD-controlled switch, the switching between thefirst logic circuit 21 and the third logic circuit 23, that are botharranged externally of the PSD 10, ensues directly before the traversalof the second logic circuit 12, which is internally arranged in the PSD10.

FIG. 7 shows a PSD-controlled switch for the cryptoalgorithms forgeneration of a signature by a postal security device according to thirdversion. A first logic circuit 21 for a first cryptoalgorithm has aninput e₁ for a communication m and an output a₁ that is connected withan input e₂ of a second logic circuit 23 for a second cryptoalgorithm.The output a₂ of the second logic circuit 23 is connected with an inpute₃ of a third logic circuit 23 for a third cryptoalgorithm, the outputof which a₃ connects to the information input of the postal securitydevice 10. The cryptologic module 20 is connected on the output sidewith the postal security device 10, and the output a₁ of the first logiccircuit 21 is connected to a first contact I. The output a₂ of thesecond logic circuit 22 is connected to a second contact II, and theoutput a₃ of the further logic circuit 23 is connected to a thirdcontact III of a PSD-controlled changeover switch 14 inside the postalsecurity device 10. The changeover switch 14 is coupled on the outputside to a second logic circuit 12 within the postal security device 10that generates the signature.

FIG. 8 shows a third version of a host-controlled switch of thecryptoalgorithms for generation of a signature by a postal securitydevice. A cryptologic module 20 arranged externally of the postalsecurity device 10 is connected with at least with its output d with aninformation input i of the postal security device 10. The postalsecurity device 10 internally contains a logic circuit 12 that applies adigital signal algorithm to the output signal supplied by output d, inorder to generate data for a signature. The cryptologic module 20includes a number of logic circuits 21, 23 and a changeover switch 26that has a control data input c₂ for control via a host (not shown). Thechangeover switch 26 is connected with the further logic circuit 23 andswitches a key k1, k2 for the further cryptoalgorithm. A first logiccircuit 21 for a first cryptoalgorithm has an input e₁ for acommunication m and an output a₁ that is connected with an input e₃ fora further logic circuit 23 for a further cryptoalgorithm, the output a₃of which is connected to the information input i of the second logiccircuit 12 that generates the signature.

FIG. 9 shows a fourth version of a host-controlled switch for thecryptoalgorithms for generation of a signature by a postal securitydevice. In addition to the switching of the third version, that has afirst changeover switch 26 that switches a key k1, k2 for the furthercryptoalgorithm of the further logic circuit 23, a second changeoverswitch 24 is provided in the host-controlled cryptologic module 20.Contacts I and II of the changeover switch 24 are connected with theoutputs a₁ and a₃ of the first and third logic circuits 21 and 23. Thechangeover switch 24 forms on the output side the output d that isconnected with the information input i of the postal security device 10.The changeover switches 24 and 26 are controlled by a host (not shown)via a control data input c₁, c₂.

FIG. 10 shows a host- and PSD-controlled switching for thecryptoalgorithms for generation of a signature by a postal securitydevice. The postal security device 10 comprises at least one logiccircuit 11, and the cryptologic module 20 has at least one logic circuit23. The cryptologic module 20 has a first host-controlled changeoverswitch 26 that switches a key k1, k2 for the further cryptoalgorithm ofthe further logic circuit 23. To switch between the outputs a₁ and a₃ ofthe first and third logic circuits 11 and 23, a second PSD-controlledchangeover switch 14 is provided in the postal security device 10.Contacts I and II of the changeover switch 14 are connected with theoutputs a₁ and a₃ of the first or, respectively, third logic circuits 11and 23, respectively.

FIG. 11 shows a block diagram of a host device. The postal securitydevice 10 and the cryptologic module 20 are connected under normaloperating conditions by means of interfaces i, d via a host-internal BUS37. A hardware and interface switch 13 of the postal security device 10for the interface i can be realized, for example, with anapplication-specific switch (ASIC). The latter is connected with a dataprocessing unit 16 for implementation of the aforementionedcryptographic functions and with non-volatile storage 15 forimplementation of further functions. The data processing unit 16 has amicroprocessor (μP) with real-time clock (RTC), FLASH storage, and mainmemory (SRAM). The security device 10 has internal monitoring units 17and 19 and an internal bus 19. The host device 1 likewise has anon-volatile storage 35, microprocessor 36, read-only memory 33, mainmemory 34, as well as a modem 32, keyboard 39, and display controller 38with display unit (not shown). The host device 1 can be connected via acommunication connection 2 with a remote data central 5. The datacentral 5 has, for example, a modem 52, a server 53, and a databank 54.The host device 1 can—in a manner not shown—be connected via acommunication connection or interface with a further device, for examplea print device.

The invention of not limited to the described embodiments, in which atleast two different hash functions permitted by an authority are used inthe same signing algorithm. Alternatively, the same hash function can beused in two different permitted signing algorithms. The cryptologicmodule 20 is then likewise connected with the PSD 10. The variouspermitted signing algorithms and their switching are undertakenaccording to software. The cryptologic module 20 comprises only a logiccircuit 21 for a cryptoalgorithm, for example a known hash function.

Although modifications and changes may be suggested by those skilled inthe art, it is the intention of the inventor to embody within the patentwarranted hereon all changes and modifications as reasonably andproperly come within the scope of his contribution to the art.

1. An arrangement for variably generating cryptographic securities, forcommunications, in a host device, comprising: a postal security devicehaving an information input; a cryptologic module external to saidpostal security device, having an output connected to said informationinput of said postal security device, said cryptologic module supplyinga cryptoalgorithm at said output; and a logic circuit in said postalsecurity device, connected to said information input, which applies adigital signal algorithm to said cryptoalgorithm output from saidcryptologic module, to generate data for a signature.
 2. An arrangementas claimed in claim 1 wherein said cryptologic module has a control datainput for receiving control data generated by said host device to modifysaid cryptoalgorithm output.
 3. An arrangement as claimed in claim 2wherein said cryptologic module comprises a plurality of logic circuitsthat affect said cryptographic output and a switch connected betweeneach of said logic circuits and said cryptoalgorithm output, andconnected to said control data input for connecting one of said logiccircuits to said cryptoalgorithm output dependent on said control data.4. An arrangement as claimed in claim 3 wherein a first of said logiccircuits contains a first cryptoalgorithm and a second of said logiccircuits contains a second cryptoalgorithm, and wherein said switchconnects one of said first cryptoalgorithm and said secondcryptoalgorithm to said cryptoalgorithm output dependent on said controldata.
 5. An arrangement as claimed in claim 1 wherein said postalsecurity device comprises a first logic circuit containing a firstcryptoalgorithm, in addition to said logic circuit that generates saiddata for a signature, and wherein said cryptologic module comprises asecond logic circuit containing a second cryptoalgorithm and a thirdlogic circuit containing a third cryptoalgorithm, each of said first,second and third logic circuits having an input and an output, theoutput of said first logic circuit being connected to said informationinput of said postal security device and the respective outputs of saidsecond and third logic circuits being connected to said cryptoalgorithmoutput of said cryptologic module, and said cryptologic module furthercomprising a switch having outputs respectively connected to the inputsof said first, second and third logic circuits and an input suppliedwith a communication from said host device, and having a control datainput supplied with control data from said host device to supply saidcommunication to one of said first, second or third logic circuitsdependent on said control data.
 6. An arrangement as claimed in claim 1wherein said cryptologic module comprises a first logic circuitcontaining a first cryptoalgorithm, having an input to which acommunication is supplied by said host device, and having an output, anda second logic circuit a second cryptoalgorithm having an inputconnected to said output of said first logic circuit and an outputforming said cryptoalgorithm output of said cryptologic module.
 7. Anarrangement as claimed in claim 6 wherein said second logic circuit hasa key input, and wherein said cryptologic module comprises a switchhaving a plurality of inputs to which respective cryptographic keys aresupplied, and an output connected to said key input of said second logiccircuit and a control data input to which control data are supplied bysaid host device for supplying said key input with one of saidcryptographic keys, dependent on said control data, for use in saidsecond cryptoalgorithm.
 8. An arrangement as claimed in claim 7 whereinsaid switch is a first switch and wherein said control data are firstcontrol data, and wherein said cryptologic module comprises a secondswitch having inputs respectively connected to the output of said firstlogic circuit and the output of said second logic circuit, and an outputforming said cryptoalgorithm output of said cryptologic module, andhaving a control data input supplied with said second control data fromsaid host device, said second switch, dependent on said second controldata, connecting the output of one of said first logic circuit or saidsecond logic circuit to said cryptoalgorithm output.
 9. An arrangementas claimed in claim 1 wherein said postal security device comprises afirst logic circuit, in addition to said logic circuit that generatessaid data for said signature, containing a first cryptoalgorithm, saidfirst logic circuit having an input supplied with a communication fromsaid host device, and an output, and wherein said cryptologic modulecomprises a second logic circuit containing a second cryptoalgorithm,said second logic circuit having an input connected to the output ofsaid first logic circuit, a key input, and an output forming saidcryptoalgorithm output of said cryptologic module, and said cryptologicmodule comprising a first switch having inputs respectively suppliedwith different cryptographic keys, an output connected to said keyinput, and a control data input supplied with first control data fromsaid host device for supplying one of said different keys to said secondlogic circuit for use in said second cryptoalgorithm, and wherein saidpostal security device comprises a second switch having inputsrespectively connected to the output of said first logic circuit and tosaid cryptoalgorithm output of said cryptologic module, an outputconnected to said logic circuit that generates said signature, and acontrol data input supplied with second control data by said host devicefor connecting the output of one of said first logic circuit or saidsecond logic circuit to said logic circuit that generates saidsignature.
 10. An arrangement as claimed in claim 1 wherein said postalsecurity device comprises a first logic circuit containing a firstcryptoalgorithm, in addition to said logic circuit that generates saiddata for a signature, and wherein said cryptologic module comprises asecond logic circuit containing a second cryptoalgorithm and a thirdlogic circuit containing a third cryptoalgorithm, each of said first,second and third logic circuits having an input and an output, theoutput of said first logic circuit being connected to said informationinput of said postal security device and the respective outputs of saidsecond and third logic circuits being connected to said cryptoalgorithmoutput of said cryptologic module, and said postal security devicefurther comprising a switch having outputs respectively connected to theinputs of said first, second and third logic circuits and an inputsupplied with a communication from said host device, and having acontrol data input supplied with control data from said host device tosupply said communication to one of said first, second or third logiccircuits dependent on said control data.
 11. An arrangement as claimedin claim 1 wherein said cryptologic module comprises a first logiccircuit containing a first cryptoalgorithm and having an input suppliedwith a communication from said host device, and an output, and a secondlogic circuit containing a second cryptoalgorithm having an inputconnected to the output of said first logic circuit and an outputforming said cryptoalgorithm output of said cryptologic module, andwherein said postal security device comprises a third logic circuit, inaddition to said logic circuit that generates said signature, containinga third cryptoalgorithm and having an input connected to the output ofsaid first logic circuit, and wherein said postal security devicecontains a switch having inputs respectively connected to the outputs ofsaid first logic circuit, said second logic circuit and said third logiccircuit, an output connected to said logic circuit that generates saidsignature, and a control data input supplied with control data by saidhost device for connecting one of the outputs of the first logiccircuit, the second logic circuit or the third logic circuit to saidlogic circuit that generates said signature.
 12. An arrangement asclaimed in claim 1 wherein said cryptologic module comprises a firstlogic circuit containing a first cryptoalgorithm and having an inputsupplied with a communication from said host device, and an output, anda second logic circuit containing a second cryptoalgorithm having aninput connected to the output of said first logic circuit, and a thirdlogic circuit containing a third cryptoalgorithm and having an inputconnected to the output of said second logic circuit and an outputforming said cryptoalgorithm output of said cryptologic module, andwherein said postal security device contains a switch having inputsrespectively connected to the outputs of said first logic circuit, saidsecond logic circuit and said third logic circuit, an output connectedto said logic circuit that generates said signature, and a control datainput supplied with control data by said host device for connecting oneof the outputs of the first logic circuit, the second logic circuit orthe third logic circuit to said logic circuit that generates saidsignature.